Gladish, Jacob wrote:
> Before proceeding with my current plan, I wanted to get any feedback
> from anyone who may have explored building a mono app that has
> setuid. My application is mostly managed code, with a few p/invoke
> calls, but it's been pretty platform agnostic thus far. I need to
> have setuid privileges on my app, and the best way I have come up
> with so far is to have a small native app that acts as a host that
> has setuid on it. I certainly don't want to change the permissions on
> /usr/bin/mono. Does anyone have any other suggestions?

Employing a wrapper is a good plan, but you should sanitize
or clean the environment (i.e. wiping all vars which start with
MONO_*) before passing control to mono. Otherwise a malicious caller
might be able to instruct mono to create arbitrary files with
the ID of the setuid user.

Robert

_______________________________________________
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list
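
The environment scrubbing recommended in the reply, sketched as a small native host in C (an added example, not code from this thread or from the Mono project). APP_PATH and the function name scrub_mono_env are assumptions made for illustration, and /usr/bin/mono is the path mentioned in the question. Dropping malformed entries that have no '=' goes one step beyond the reply's advice.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MONO_PATH "/usr/bin/mono"         /* path named in the question */
#define APP_PATH  "/opt/example/app.exe"  /* assumption: placeholder assembly path */

extern char **environ;

/* Build a new NULL-terminated environment from envp, leaving out every
 * variable whose name starts with "MONO_" and every malformed entry that
 * has no '='. The strings themselves are shared with envp, only the
 * array is new. Returns NULL if allocation fails; *kept (if non-NULL)
 * receives the number of entries retained. */
char **scrub_mono_env(char *const envp[], size_t *kept)
{
    size_t n = 0, k = 0;

    while (envp[n] != NULL)
        n++;
    char **clean = calloc(n + 1, sizeof *clean);
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (strncmp(envp[i], "MONO_", 5) == 0)
            continue;                     /* caller-controlled runtime setting */
        if (strchr(envp[i], '=') == NULL)
            continue;                     /* not NAME=value, do not pass on */
        clean[k++] = envp[i];
    }
    clean[k] = NULL;
    if (kept != NULL)
        *kept = k;
    return clean;
}

int main(void)
{
    /* Fixed argv: the caller chooses neither the runtime nor the assembly. */
    char *const args[] = { "mono", APP_PATH, NULL };
    char **clean = scrub_mono_env(environ, NULL);

    if (clean == NULL) {
        perror("calloc");
        return 111;
    }
    execve(MONO_PATH, args, clean);       /* returns only on failure */
    perror("execve");
    return 111;
}
```
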
